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Abstract 

A  class  of  mappings  called  abstractions  are   defined, 
and  examples  of  abstractions  are  given.  These  functions  map  a  set  S 
of  clauses  onto  a  possibly  simpler  set  T  of  clauses.  Also,  resolution 
proofs  from  S  map  onto  possibly  simpler  resolution  proofs  from  T.   In 
order  to  search  for  a  proof  of  a  clause  C  from  S,  it  suffices  to  search 
for  a  proof  from  T  and  attempt  to  invert  the  abstraction  mapping  to 
obtain  a  proof  of  C  from  S.  Some  theorem  proving  strategies  based  on 
this  idea  are   presented.  Most  of  these  strategies  are  complete.  A 
method  of  using  more  than  one  abstraction  at  the  same  time  is  presented 
in  Part  II.  This  requires  the  use  of  "mul ticlauses" ,  which  are  multisets 
of  literals,  and  associated  "m-abstraction  mappings"  on  mul ticlauses. 
Certain  abstractions  are  especially  interesting,  because  they  correspond 
to  particular  interpretations  of  the  set  S  of  clauses.  The  use  of 
abstractions  permits  the  advantages  of  set-of-support  strategies  to  be 
realized  in  arbitrary  complete  non  set-of-support  resolution  strategies. 
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List  of  Notations  Used 

T  a  resolution  proof 

C  arbitrary  clause  in  a  proof 

D  an  abstraction  of  C 

Result(T)  result  (final  clause)  of  a  proof  T 

C  result  of  a  proof 

D'  an  abstraction  of  C 

B  clause  obtained  from  abstractions  by  resolution 

f  abstraction  mapping 

Res(T)  set  of  resolutions  in  a  proof  T 

Nodes (T)  set  of  nodes  in  a  proof  T 

N,  N'  nodes  in  a  proof 

d  depth  of  a  node  in  a  proof 

label  (N)  label  of  a  node  N 

< Nl ,  N2,  N3>  a  resolution  (a  triple  of  nodes) 

R,  M  relations  between  clauses,  proofs 

T  t  U  the  proof  U  is  an  abstraction  of  the  proof  T  via  abstraction 
mapping  f 

V,  W,  X,  Y,  Z  proofs,  usually  abstracted  proofs 
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1.   INTRODUCTION 

The  use  of  analogy  seems  to  be  helpful  in  many  areas  of  problem 
solving  P,2].  We  present  a  particular  kind  of  analogy  which  applies  to 
theorem  proving  in  the  first-order  predicate  calculus.   In  particular, 
given  a  problem  A,  we  convert  it  to  a  simpler  problem  D.   If  A  has  a 
solution,  then  B  does  too,  and  one  of  the  solutions  to  B  will  have  a 
structure  similar  to  the  structure  of  a  solution  to  A.  Therefore,  we 
can  use  solutions  to  B  as  guides  in  searching  for  solutions  to  A.  In 
this  way,  we  avoid  even  looking  at  possible  solutions  to  A  that  do  not 
correspond  to  any  solution  to  B.  Of  course,  B  may  have  solutions  even  if 
A  does  not. 

In  part  I  of  this  paper,  we  apply  this  idea  to  resolution  theorem 
proving  in  the  first-order  predicate  calculus  [3].  The  approach  seems 
sufficiently  general  to  apply  to  other  sets  of  inference  rules  and  to 
higher-order  logics  as  well.  We  define  a  class  of  mappings  called 
"abstraction  mappings"  which  satisfy  certain  properties.  These  mappings 
convert  a  set  of  clauses  A  into  a  simpler  set  of  clauses  B.  Also, 
proofs  in  A  correspond  to  proofs  in  B  having  a  similar  structure.  We 
present  several  such  abstraction  mappings,  and  give  a  general  method 
for  obtaining  such  mappings.  Both  syntactic  and  semantic  mappings  are 
considered.  A  useful  class  of  non-trivial  semantic  abstractions  can 
be  generated  completely  automatically.  We  then  present  some  incomplete 
and  complete  theorem  proving  strategies  based  on  abstractions.  These 
strategies  can  guide  the  search  for  a  proof  of  a  particular  consequence 
of  a  set  of  clauses,  as  well  as  guiding  the  search  for  a  proof  that  a 
set  of  clauses  is  inconsistent. 

Some  new  inference  rules  related  to  resolution  are   discussed  in  Part  II 
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n  particular,  we  introduce  "m-clauses,"  which  are  multisets  of  literals, 
rhal  is,  with  each  literal  in  the  m-clause,  a  count  is  kept  of  "how  many 
times  it  occurs"  in  the  m-clause   A  version  of  resolution  called  m- 
resolution  is  defined  for  m-clauses.   In  addition,  m-abstractions  are  defined. 
These  map  a  set  A  of  m-clauses  onto  a  simpler  set  B,  such  tnat  m-resolution 
proofs  from  A  map  onto  m-resolution  proofs  in  B  having  the  same  shape.  The 
advantage  of  m-abstractions  is  that  they  preserve  much  more  of  the  structure 
of  a  proof  than  do  ordinary  abstractions.  As  a  consequence,  theorem  proving 
strategies  based  on  m-abstractions  are  much  simpler  and  much  more  elegant 
than  strategies  based  on  ordinary  abstractions.  Also,  there  are  strategies 
that  use  more  than  one  m-abstraction  at  the  same  time.  This  corresponds  to 
the  use  of  more  than  one  analogy  at  the  same  time.  In  this  way  we  get  a  very 
restrictive  search  strategy,  which  has  no  known  counterpart  in  ordinary 
resolution  and  ordinary  abstractions.  All  the  strategies  which  we  present 
that  are  based  on  m-abstractions  are  complete. 

Bounded  m-clauses  are  discussed  next.  They  are   m-clauses  in  which 
less  information  about  the  number  of  occurrences  of  a  literal  in  a  clause 
is  kept.  Abstractions  and  complete  theorem  proving  strategies  based  on 
bounded  m-clauses  are  presented.  The  advantage  of  bounded  m-clauses  is  that 
the  abstracted  search  space  is  often  finite,  and  can  he  searched  exhaustively 
without  excessive  effort.  A  related  kind  of  clause  called  an  "interval  m-clausi 
ir,   alr,o  discussed. 

Next  we  present  a  particular  kind  of  abstraction  which  seems  to 
correspond  to  an  "incompletely  specified  diagram."  That  is,  these  abstractions 
are   related  to  interpretations  of  a  set  of  clauses  in  which  part  of  the 
interpretation  is  not  fully  described.  The  use  of  these  abstractions  seems 

orrespond  to  the  human  problem-solving  approach  in  which  diagrams  are 
drawn  with  dots  and  vague  areas  to  indicate  unimportant  features.  Other  classes 

-abstractions  and  houndr-d  m-abstractions  are  also  mentioned. 
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The  use  of  abstractions  and  related  methods  of  analogy  gives 
a  way  to  use  semantic  information  and  specialized  knowledge  in  a  general, 
hierarchical  theorem  proving  strategy.  The  basic  idea  is  to  construct 
an  outline  of  a  proof  and  fill  in  the  details  later.  This  strategy  is  a 
global  strategy  and  avoids  the  "myopia"  of  most  theorem  provers.  That,  is, 
each  step  of  the  search  is  controlled  in  a  meaningful,  non-trivial  way 
by  the  structure  of  the  problem  as  a  whole  rather  than  by  local  information 
such  as  whether  two  clauses  can  resolve  according  to  a  certain  strategy. 
We  view  such  local  behavior  as  one  of  the  greatest  weaknesses  of  current 
theorem  provers.  This  use  of  analogy  has  the  additional  advantage  that 
the  search  strategy  becomes  more  and  more  restrictive  as  the  depth  of 
inference  becomes  larger  and  larger.  Near  the  end  of  the  search,  the  number 
of  choices  is  restricted  more  than  in  the  middle,  even  though  the  strategy 
is  based  on  forward  reasoning.  This  contrasts  with  conventional  strategies, 
in  which  the  search  space  seems  to  grow  exponentially  in  size  with  increasing 
depth.  The  use  of  abstraction  also  allows  for  the  possibility  of  several 
levels  of  abstraction,  each  level  keeping  less  information  than  the  preceding 
level.  The  search  at  each  level  can  be  guided  by  the  search  at  the  next 
higher  level  of  abstraction. 

One  advantage  of  abstraction  is  that  it  automatically  selects  from 
the  input  clauses  those  clauses  which  seem  relevant  to  the  given  problem. 
Thus  we  get  the  advantages  of  "set-of-support"  strategies.  However,  the 
search  strategies  based  on  abstraction  turn  out  to  be  compatible  with  other 
complete  resolution  strategies  such  as  lockinn  resolution  and  Pl-deduction. 
Therefore,  we  can  get  the  advantages  of  set-of-support  strategies  in  resolution 
strategies  that  are  not  directly  compatible  with  the  set-of-support  restriction 


This  compatibility  should  be  particularly  useful  when  there  is  a  large 

number  of  input  clauses,  not  all  of  them  relevant  to  the  given  problem. 

We  use  a  fairly  standard  notation  for  programs.  For  loops,  we 

use  the  loop. . . wh i 1 e . . .repeat  and  the  loop. .until . .repeat  constructs. 

The  while  and  until  clauses  may  occur  at  the  beginning  or  at  the  end  of 

the  loop.  Also,  if  A(x, ,  x?,  ...,  x  )  is  a  Boolean-valued  expression 

over  the  free  variables  x, ,  Xp,  ...,  x  ,  then  we  use  there  exist 

x, ,  x~,  . . . ,  x  such  that  A(x, ,  x~,  . . . ,  x  )  in  the  fol lowing  way: 

The  value  of  this  expression  is  TRUE  if  3x,3x2..3x  A(x, ,  x?,  ...,  x  )  is 

true,  and  FALSE  otherwise.  If  the  value  is  TRUE,  then  x, ,  x0,  ...,  x  are 

12       n 

assigned  values  making  A(x, ,  x^,  ...,  x  )  true.  Thus  we  can  write  if  there 
exist  x, ,  Xp,  • .  • ,  x  such  that  A(x-, ,  x?,  . . . ,  x  )  then  [do  something 
with  x,,  Xp,  ...,  x  ]  else  ...  fi_.  This  allows  us  to  write  programs 
without  specifying  the  details  of  how  x, ,  x?,  ...,  x  satisfying 
A(x-|,  Xp,  ...,  x  )  are  actually  found,  if  they  exist. 
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2.  ORDINARY  ABSTRACTIONS 

Standard  resolution  theorem  proving  terminology  will  be  assumed 
[4].   In  particular,  we  say  a  clause  CI  subsumes  a  clause  C2  if  there  is 
a  substitution  8  such  that  Cle  is  a  subset  of  C2.  Also,  clauses  C  and  D 
are  variants  if  they  are  instances  of  each  other.  That  is,  C  and  D  are 
the  same  except  for  a  renaming  of  variables. 

Definition.  An  abstraction  is  an  association  of  a  set  f(C)  of 
clauses  with  each  clause  C  such  that  f  has  the  following  properties: 

1.  If  clause  C3  is  a  resolvent  of  CI  and  C2  and  D3  e  f(C3)  then 
there  exist  Dl  E  f (CI )  and  D2  E  f(C2)  such  that  some 
resolvent  of  Dl  and  D2  subsumes  D3. 

2.  f(NIL)  =  {NIL}.  (NIL  is  the  empty  clause.) 

3.  If  CI  subsumes  C2,  then  for  every   abstraction  D2  of  C2  there 
is  an  abstraction  Dl  of  CI  such  that  Dl  subsumes  D2. 


If  f  is  a  mapping  with  these  properties  then  we  call  f  an  abstract!" 


on 


mapping,  of  clauses.  Also,  if  D  E  f(C)  we  call  D  an  abstraction  of  C. 
Abstractions  usually  also  satisfy  the  property  that  f(C)  is  a  tautology 
if  C  is. 

Definition.  A  weak  abstraction  is  an  association  of  a  set  f(C) 
of  clauses  with  each  clause  C  such  that  f  has  the  following  properties: 
1.   If  clause  C3  is  a  resolvent  of  CI  and  C2,  and  D3  e  f(C3), 
then  there  exist  Dl  E  f (CI )  and  D2  E  f(C2)  such  that  either 
Dl  subsumes  D3  or  D2  subsumes  D3  or  some  resolvent  of  01 
and  D2  subsumes  D3. 
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2,3.  As  in  the  definition  of  abstraction. 

If  f  is  such  a  function,  we  call  f  a  weak  abstraction  mapping  of 
clauses.  If  clause  D  is  in  f(C),  we  call  D  a  weak  abstraction 
of  C. 

The  following  result  gives  us  a  fairly  general  method  of  constructing 
abstractions.  Later  we  will  see  other  methods. 

Theorem  2.1.  Suppose  $   is  a  mapping  from  literals  to  literals. 
Let  us  extend  $   to  a  mapping  from  clauses  to  clauses  by  <j>(C)  =  {^( L) : L  e  C}. 
Suppose  <j>  satisfies  the  following  two  properties: 

1.  <f>(L)  =  ^"(L).  That  is,  <f>  preserves  complements. 

2.  If  C  and  D  are  clauses  and  D  is  an  instance  of  C,  then  <j>(D) 
is  an  instance  of  <j>(C).  That  is,  <j>  preserves  instances. 

Then  <j>  is  an  abstraction  mapping.  To  be  precise,  f  is  an  abstraction 
mapping  where  f(C)  =  {<j>(C)}. 

Proof.  All  properties  are  easy  to  verify  except  property  1. 
We  do  this  as  follows: 

Suppose  C3  is  a  resolvent  of  CI  and  C2.  Then  there  exist  Al ,A2 
such  that  Al  c  CI  and  A2  c  C2  and  there  exist  substitutions  al ,a2  such  that 
Alal  =  {L}  and  A2a2  =  {L}  for  some  literal  L.  Let  al ,a2  be  most  general 
such  substitutions,  and  suppose  that  C3  =  (CI  -  Al)al  u  (C2  -  A2)a2.  We 
desire  to  show  that  4>(C3)  is  subsumed  by  a  resolvent  of  4>(C1)  and  <j>(C2). 
Now,  <j)(Clal)  =  <fr((Cl  -  Al)al)  u  {(j>(L)}  and  <{>(C2a2)  =  <f>((C2  -  A2)a2)  u  U(L)}. 
Also,  *(L)  =  4>(L)  by  properties  of  <j>.  Thus  <j>((Cl  -  Al)al)  u  <j>((C2  -  A2)a2) 
is  either  a  resolvent  of  ^(Clal)  and  <j>(C2a2)  or  has  a  proper  subset  which  is 
a  resolvent  of  i(Clul)  and  <j»(C2a2).   (It  could  be  that  <j>(L)  e  *((C1  -  Al)al), 
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for  example.)  Note  that  <t>(C3)  =  <|>((C1  -  Al)«l)  u  <},((C2  -  A2)a2).  Hence  some 
resolvent  of  <|>(Clal)  and  <j>(C2a2)  subsumes  4> ( C3 ) .  However,  ^(Clal )  is  an 
instance  of  4>(C1)  and  <j>(C2a2)  is  an  instance  of  <j>(C2)  by  properties  of  <|>. 
Hence  by  properties  of  resolution,  some  resolvent  of  4>(C1)  and  <j>(C2)  subsumes 
4>( C3) .  We  could  prove  a  similar  theorem  if  we  let  <j>  be  a  relation  between 
literals  and  literals,  and  if  we  required  4  to  have  the  appropriate  properties 

The  following  result  is  more  general. 

Theorem  2.2.  Suppose  F  is  a  set  of  mappings  from  literals  to 
literals.  Suppose  that  for  all  4  e  F,  for  all  literals  L,  4>(L)  =  4(L) . 
If  C  is  a  clause,  let  41(C)  be  (4>(L):L  e  C},  as  usual.  Suppose  that  if 
clause  D  is  an  instance  of  clause  C,  then  for  all  4>2  e  F  there  exists 
4>1  e  F  such  that  4>2(D)  is  an  instance  of  4>1(C).  Define  f  by  f(C)  = 
£ 4>( C ) : cj>  e  F}.  Then  f  is  an  abstraction  mapping. 

Proof.  As  before,  properties  2,  3,  and  4  of  abstractions  are 
easy  to  verify.  We  show  that  f  satisfies  property  1. 

Suppose  C3  is  a  resolvent  of  CI  and  C2.  Then  there  exist 
sets  A1,A2  of  literals  such  that  Al  c  CI  and  A2  c  C2  and  there  exist 
substitutions  al  and  a2  such  that  C3  =  (CI  -  Al)al  u  (C2  -  A2)a2.  Also, 
for  some  literal  L,  Alal  =  (U  and  A2a2  =  {I}.     We  desire  to  show  that 
for  all  43  e  F,  there  exist  4>1  e  F  and  4>2  e  F  such  that  4>3(C3)  is  sub- 
sumed by  a  resolvent  of  4>1(C1)  and  4>2(C2). 

Let  4>1  and  4>2  be  such  that  <j>3(Clal)  is  an  instance  of  4>1(C1)  and 
43(C2a2)  is  an  instance  of  <j>2(C2).  Such  <j>l  and  <j»2  must  exist,  by  hypotheses 
concerning  F. 
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Now,  4>3(C3)  =  <j>3((Cl  -  Al)al)  u  «j,3((C2  -  A2)a2).  Also, 
<|)3(Alal)  =  {<|>3(L)}  and  <j>3(A2a2)  =  {<J>3(L)}  =  {cf>3(L)}.  Hence  as  before, 
4>3(C3)  has  a  subset  (possibly  a  proper  subset)  which  is  a  resolvent  of  <|>3(Clal) 
and  4)3(C2a2).  Therefore,  since  <j>3(Clal)  is  an  instance  of  4>1  ( CI )  and 
<(>3(C2a2)  is  an  instance  of  <f>2(C2) ,  <f>3(C3)  is  subsumed  by  some  resolvent 
of  4>1(C1)  and  <f>2(C2). 

If  f  is  an  abstraction  mapping  as  in  the  above  theorem,  then  we 
say  f  is  defined  in  terms  of  literal  mappings.  Not  all  abstractions  are 
defined  in  terms  of  literal  mappings. 

2.1  EXAMPLES  OF  ABSTRACTIONS 

Using  these  theorems,  we  can  construct  many  abstractions.  We 
now  give  some  examples  of  abstractions,  all  of  which  can  be  obtained 
from  the  above  theorems.  The  first  syntactic  abstraction  example  can 
be  obtained  from  Theorem  2.2;  the  other  syntactic  abstraction  examples  can 
be  obtained  from  Theorem  2.1.  The  semantic  abstraction  example  can  be  obtained 
from  Theorem  2.2. 

Examples  o{)  Syntactic  Ab&tAactLoni 

1.  The  ground  abstraction.  If  C  is  a  clause,  then  f(C)  = 
(C':C  is  a  ground  instance  of  C}.  Note  that  f(C)  will 
usually  be  an  infinite  set  of  clauses. 

2.  The  propositional  abstraction.  If  C  is  the  clause 

{L,  ,L2,. . .  ,L.  }  then  f(C)  is  {C}  where  C  is  the  clause 
{L'  ,Lp,. . .  ,L£}  and  L!  is  defined  as  follows,  for  1  <_  i  <_  k: 

If  Li  is  of  the  form  P(t, t  )  then  L] 

is  P.  If  Li  is  of  the  form  HP(t1 ,. . . ,t  )  then 
L!  is  HP. 
Thus  f(C)  is  a  clause  in  the  propositional  calculus. 
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Renaming  predicate  and  function  symbols.  For  clause  C, 

f(C)  =  {C}  where  C  is  the  clause  in  which  all  function 

and  predicate  symbols  of  C  have  been  renamed  in  some 

systematic  way.  The  renaming  need  not  be  one-to-one; 

two  distinct  predicate  or  function  symbols  may  be  renamed 

to  the  same  symbol.  However,  a  predicate  symbol  and  a  function 

symbol  may  not  be  renamed  to  the  same  symbol . 

Changing  signs  of  literals.  Let  Q  be  a  set  of  predicate 

symbols.  If  C  is  the  clause  {L, ,...,!_,}  then  f(C)  is 

{C}  where  C  is  the  clause  {!_-!,. ..,!_'}  and  L!  is  defined 

as  follows,  for  1  <  i  <_  k: 

If  L.  is  of  the  form  P(tp...,t  )  and  P  e  Q  then 

L:  is  np(tr...,tn).  If  Li  is  of  the  form  np(t1,...,t  ) 

and  P  e  Q  then  L!  is  P(t,,...,t  ).  Otherwise,  L! 
i      In  l 

is  Lr 

Permuting  arguments.  For  clause  C,  f(C)  =  {C1}  where  C 
is  C  with  the  order  of  the  arguments  of  certain  function  or 
predicate  symbols  changed  in  some  systematic  way. 
Deleting  arguments.  For  clause  C,  f(C)  =  {C}  where  C  is 
C  with  certain  arguments  of  certain  function  or  predicate 
symbols  deleted.  For  example,  g(t,  ,...,t  )  may  be  replaced 
by  q(t?,...,t  )  everywhere.  Note  that  the  proposi tional 
abstraction  is  a  special  case  of  this  (all  arguments  of 
all  predicate  symbols  are  deleted). 
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Examplz  o&  a  Semantic  AbA&iaction 

With  each  clause  C,  we  associate  a  set  f(C)  of  clauses  as 
follows: 

Let  I  be  an  interpretation  of  the  set  of  clauses  over  some  set 
of  function  and  predicate  symbols.  Let  V   be  the  domain  of  the  interpreta- 
tion I.  The  interpretation  I  can  treat  equality  as  any  other  predicate 
symbol.  That  is,  we  may  have  a,  =  a„  true  in  I  even  if  a,  and  a?  are 
distinct  elements  of  V. 

With  each  ground  literal  of  form  P(t, »...,t  )  we  associate  the 
literal  P(a,,...,a  )  where  a.  c  V   and  a-  is  the  value  of  t.  in  the  inter- 
pretation I,  for  1  <_  i  <  n.  With  the  literal  P(t,  ,...,t  )  we  associate 
P(ar...,an). 

With  each  ground  clause  C  =  {L,,...,L, }  we  associate  C  = 
{U,...,LM  where  I',   is  associated  with  L.  as  indicated  above.  If  CI 
is  an  arbitrary  clause  then  f (CI )  =  {D:  D  is  associated  with  C  for  some 
ground  instance  C  of  CI}.  We  call  f  the  I-abstraction  or  the  abstraction 
obtained  from  I. 

Example:  If  7  is  the  usual  interpretation  of  arithmetic  then 
with  the  clause  fl(x<y) ,  n(y<z),  x  <_  z}  we  associate  the  clauses 
(-1(1^2),  H(2<3),  1  <  3},CI(1<5),  ~1(5<2),  1  <_  2},  n{8<7),   1(7<6) ,  8^6} 
et  cetera.  The  clauses  in  f(C)  will  be  true  in  I  if  C  is,  but  need  not 
be  in  general . 

Note  that  f(C)  may  contain  Infinitely  many  clauses  if  f  1s  an 
I-abstraction  as  above  and  V   is  infinite.  However,  if  V   is  finite,  then 
f(C)  will  be  finite  for  every   clause  C.  Such  abstractions  appear  to  be 
particularly  useful.   In  fact,  such  abstractions  can  be  generated  autonaticall; 
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by  choosing  0   to  be  (1,  2,  3,  ...,  n}  for  some  small  n  and  assigning  to 
each  function  symbol  in  S  an  arbitrary  function  from  V   to  V.      If 
abstraction  f  is  defined  in  this  way,  then  it  is  straightforward  to 
compute  f(C)  given  clause  C. 

ExampU'   i'n  a   Weafc  Ab6tAaction 

Suppose  P  is  a  predicate  symbol.  With  the  clause  C  we 
associate  C  where  C  is  C  with  all  literals  containing  P  deleted. 

2.2  ALGEBRAIC  PROPERTIES  OF  ABSTRACTIONS 

Definition.  Suppose  f,  and  f~  are  abstractions.  The  composition 
of  f-.  and  f~,  denoted  Lf,,  is  defined  by 

fgf^C)  =  u  {f2(D)  :  D  c  f^C)}. 

If  f,  or  f2  are   weak  abstractions,  their  composition  is  defined  similarly. 

Definition.  The  identity  abstraction  is  the  mapping  f  such  that 
f(C)  =  {CI  for  all  clauses  C. 

Definition.  We  say  abstractions  f,  and  f~  are  inverses  if 
f,f?  =  f  and  fpf,  =  f  where  f  is  the  identity  abstraction.  If  an  ab- 
straction has  an  inverse,  then  it  really  hasn't  thrown  away  any  information 
about  the  set  of  clauses.  For  example,  a  1-1  renaming  of  predicate  symbols 
is  an  invertible  abstraction.   In  general,  a  weak  abstraction  can  throw 
away  more  information  than  can  an  ordinary  abstraction. 

Theorem  2.3  The  composition  of  two  abstractions  is  an 
abstraction.  The  composition  of  two  weak  abstractions  is  a  weak  abstraction. 
The  composition  of  an  ordinary  abstraction  and  a  weak  abstraction  is  always 
a  weak  abstraction,  but  not  necessarily  an  ordinary  abstraction. 

Proof.  We  first  show  that  the  composition  of  two  abstractions 
is  an  abstraction.  Suppose  f-.  and  f~  are  abstractions.  We  show  that 
fpf  is  an  abstraction. 
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iome 


Suppose  C3  is  a  resolvent  of  CI  and  C2  and  E3  e  f2f-,(C3) 
Let  D3  be  an  element  of  f -.  ( C3)  such  that  E3  e  f2(D3).  Since  f-,  is  an 
abstraction,  there  must  exist  Dl  e  f-|(Cl)  and  D2  e  f -.  (C2)  such  that  si 
resolvent  D  of  Dl  and  D2  subsumes  D3.  Since  f2  is  an  abstraction,  and 
since  D  subsumes  D3,  there  exists  E'  e  f2(D)  such  that  E1  subsumes  E3. 
Also,  since  f2  is  an  abstraction,  there  exist  El  e  fo(Dl)  and  E2  e  f9(D2) 
such  that  some  resolvent  E  of  El  and  E2  subsumes  E'.  Therefore,  E  subsumes 
E3.  Since  El  e  f2f-i(Cl)  and  E2  e  f2f, (C2),  we  have  shown  that  fpf-i  has 
property  1.  See  figure  1.  Note  that  we  needed  to  use  property  3  of  f? 
to  obtain  this  proof. 


E2 


Tin.1  composition  of  two  abstractions 
Figure  1 


It  is  easy  to  show  that  f«f,  has  properties  2  and  3.  Hence  f 2^-1  is  an 
abstraction  mapping. 

He  now  show  that  the  composition  of  two  weak  abstractions  is  a 
weak  abstraction.  Let  notation  be  as  above,  except  that  f-,  and  f2  are 
weak  abstractions.  The  only  cases  we  haven't  covered  are  when  Dl  subsumes 
D3  or  D2  subsumes  D3,  or  when  this  is  not  true  but  El  subsumes  E'  or  E2 
subsumes  E'.   If  Dl  subsumes  D3,  then  by  property  3  of  fp,  there  exists 
El  .  f (Dl )  such  that  El  subsumes  E3.  Similarly  if  D2  subsumes  D3. 
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Suppose  some  resolvent  D  of  Dl  and  D2  subsumes  D3.  Let  E'  i    f(D) 
be  such  that  E'  subsumes  E3,  as  before.   If  El  subsumes  E',  then  El 
subsumes  E3  also.   If  E2  subsumes  E',  then  E2  subsumes  E  also.   If 
some  resolvent  E  of  El  and  E2  subsumes  E1,  then  E  subsumes  E3  also.  Thus 
f?f,  satisfies  property  1  of  weak  abstractions.  Also,  properties  2  and 
3  can  easily  be  established,  as  before.  Hence  f?f,  is  a  weak  abstraction. 

Suppose  f,  is  the  identity  abstraction  and  f?  is  a  weak  abstraction 
but  f?  is  not  an  ordinary  abstraction.  Then  f^f-i  =  f?  so  the  composition 
of  an  ordinary  abstraction  and  a  weak  abstraction  need  not  be  an  ordinary 
abstraction.  It  will  always  be  a  weak  abstraction,  however,  since 
ordinary  abstractions  are  weak  abstractions  and  the  composition  of  two  weak 
abstractions  is  a  weak  abstraction. 

Definition.  If  f,  and  f0  are  abstractions,  then  their  union 
f  is  defined  by  f(C)  =  f^C)  u  f  (c)  for  all  clauses  C. 

Theorem  2.4.  If  f-,  and  f«  are  abstractions,  their  union  is  also 
an  abstraction.  If  f,  and  f2  are  weak  abstractions,  their  union  is  also  a 
weak  abstraction.  If  f,  is  an  abstraction  and  f«  is  a  weak  abstraction, 
their  union  is  a  weak  abstraction  but  not  necessarily  an  ordinary 
abstraction. 

Proof.  Easy. 

It  is  not  difficult  to  show  that  if  f,  and  f?  are  abstractions 
defined  in  terms  of  literal  mappings,  then  the  union  and  composition  of 
f-j  and  f«  are  also  defined  in  terms  of  literal  mappings. 
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2.3  JUSTIFICATION   OF  THE  DEFINITION 

The  definitions  of  abstraction  and  weak  abstraction  seem  somewhat 
unusual,  and  perhaps  deserve  some  intuitive  justification.  It  would  seem 
reasonable  in  the  definition  of  an  abstraction  to  require  that  D3  be  a 
resolvent  of  Dl  and  D2,  instead  of  D3  having  some  such  resolvent  as  a 
subset.  However,  in  going  from  CI  to  Dl ,  it  may  be  that  distinct  literals 
of  CI  correspond  to  identical  literals  of  Dl ,  and  similary  for  C2  and  D2. 
When  removing  literals  from  Dl  and  D2  in  resolution,  we  may  remove  "too 
much"  because  we  may  remove  literals  that  correspond  to  literals  that 
still  remain  in  CI  or  C2.  Here  is  an  example. 

Consider  the  propositional  abstraction.  Let  CI  be  the  clause 
{P^a),  P^b),  P2(c)}  and  let  C2  be  (P^a)}.  Let  C3  be  (P^b),  P2(c)}, 
which  is  a  resolvent  of  CI  and  C2.  The  only  abstractions  of  CI,  C2,  and  C3, 

respectively,  are  {P,,P2},  {P-,},  and  {F,  ,Pp}.  However,  {P",  ,P?}  is  not  a 
resolvent  of  {P^P^  and  {P^,  but  has  a  proper  subset  (namely  P~)  which 
is  a  resolvent  of  IP",  ,P2)  and  {P,}. 

The  following  example  will  illustrate  why  in  a  weak  abstraction, 
Dl  or  D2  may  be  a  subset  of  D3.  Suppose  the  weak  abstraction  deletes 
all  literals  P2  and  P2  from  propositional  clauses.  Suppose  CI,  C2,  C3, 
Dl ,  D2,  and  D3  are   as  follows: 


CI:   (P2,P3} 
C2:   {FrP2) 

C3:   (P-,  ,P3) 


Dl 
D2 
D3 


{P3} 
{PrP3} 


In  this  case,  Dl  and  D2  cannot  resolve  at  all,  but  both  are  subsets  of 
D3. 
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The  following  example  will  show  why  the  definition  of  abstraction 
states  that  some  resolvent  of  Dl  and  D2  subsumes  D3  rather  than  that  some 
resolvent  of  Dl  and  D2  i s  a  subset  of  D3.  Suppose  the  abstraction  deletes 
the  second  argument  of  the  predicate  PI.  Let  CI,  C2,  C3,  Dl ,  D2,  and  D3 
be  as  follows: 

CI:   {Pl(z,f(x))l  Dl:   {Pl(z)> 

C2:   {Pl(y,y),P2(y)}  D2:   {PI (y) ,P2(y) } 

C3:   {P2(f(x))}  D3:   {P2(f(x))} 

The  only  resolvent  of  Dl  and  D2  is  (P2(y)},  which  is  not  a  subset  of 
{P2(f(x))K  However,  (P2(y)l  does  subsume  (P2(f(x))}. 

2.4  ABSTRACTIONS   OF  RESOLUTION  PROOFS 

We  now  show  how  abstractions  can  be  used  to  guide  the  search 
for  a  proof  of  a  clause  C  from  a  set  S  of  clauses.  First  we  show  that 
if  there  is  a  proof  of  C  from  S,  then  there  is  an  "abstracted  proof"  of 
something  subsuming  an  abstraction  of  C,  from  abstractions  of  clauses 
in  S.  We  then  describe  procedures  which,  given  an  abstracted  proof, 
attempt  to  reconstruct  the  original  proof.  Although  this  is  not  always 
possible,  we  are   able  to  give  a  complete  theorem  proving  strategy  which 
uses  abstracted  proofs  as  a  guide  in  searching  for  a  proof  of  C  from 
S. 

If  f  is  an  abstraction  mapping  and  S  is  a  set  of  clauses,  then 
we  write  f(S)  to  indicate  u{f(C):  C  c  S}. 
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Theorem  2.5.  Suppose  S  is  a  set  of  clauses  and  f  is  an 
abstraction  mapping  or  a  weak  abstraction  mapping  for  S.  Suppose  C 
is  a  clause  derivable  from  S  by  resolution  and  D1  e  f(C').  Then  there  is 
a  clause  B'  derivable  from  f(S)  by  resolution,  such  that  B*  subsumes  D'. 

Proof.  By  induction  on  the  depth  of  the  proof  of  C.  If  C  e  S, 
the  theorem  is  true  since  we  can  choose  B'  to  be  D'.  Suppose  C  is  a 
resolvent  of  CI  and  C2,  where  CI  and  C2  can  be  derived  from  S  by  proofs 
of  depth  less  than  the  depth  of  the  proof  of  C.  Suppose  Dl  is  a  weak 
abstraction  of  CI  such  that  Dl  subsumes  D'.  Applying  the  theorem  inductively; 
there  must  be  a  clause  Bl  derivable  from  f(S)  by  resolution,  such  that 
Bl  subsumes  Dl .  Hence  Bl  subsumes  D1. 

Suppose  Dl  and  D2  are  abstractions  or  weak  abstractions  of  CI 
and  C2,  respectively,  such  that  some  resolvent  D  of  Dl  and  D2  subsumes 
D'.  The  clauses  Dl  and  D2  must  exist,  if  the  preceding  case  does  not 
apply.  Applying  the  theorem  inductively,  there  must  exist  clauses  Bl 
and  B2  derivable  from  f(S)  such  that  Bl  subsumes  Dl  and  B2  subsumes  D2. 
It  follows  by  the  properties  of  subsumption  that  either  Bl  subsumes  D 
or  B2  subsumes  D  or  some  resolvent  B  of  Bl  and  B2  subsumes  D.  Hence 
either  Bl  subsumes  D1  or  B2  subsumes  D'  or  some  resolvent  B'  of  Bl  and  B2 
subsumes  D'.  This  completes  the  proof.  Note  that  the  derivation  of  B 
from  f(S)  will  have  depth  not  more  than  the  depth  of  the  derivation  of 
C  from  S. 

Corollary:   If  S  is  inconsistent  so  is  f(S). 
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Proof .  Take  C  to  be  NIL.  Then  D'  is  also  NIL,  by  properties 
of  abstraction  and  weak  abstraction  mappings.  Since  B'  subsumes  D', 
B'  must  be  NIL  also.  Since  B'  is  derivable  from  f(S),  f(S)  is  inconsistent, 

This  theorem  can  be  used  to  show  that  S  is  consistent,  but 
its  main  value  for  us  is  in  the  information  that  a  proof  in  f(S)  can 
aive  us  about  the  structure  of  a  possible  proof  in  S.  Here  are  some 
examples. 

Example  1.  Consider  the  following  proof: 

P(x),  Q(x),  R(x)     P(x) 

\    / 

Q(a)        Q(x),  R(x) 

^  / 
R(a) 

Suppose  f  is  the  propositional  abstraction.  Thus  P(t,-..t  )  is  replaced 
by  P,  P(t, ...t  )  is  replaced  by  P,  et  cetera.  We  have  the  following 
abstracted  proof: 

P,  Q,  R       P 

\   / 

Q       Q,  R 


Example  2.  Consider  the  following  proof: 

P(a),  P(b),  0(c)       P(a) 

\      / 

P(b),  R(d)       P(b),  Q(c) 

v       / 

0(c),  R(d) 
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Suppose  f  is  the  propositi onal  abstraction.  We  have  the  following 
abstracted  proof: 


P,  Q    P 

N  / 
Q 


Note  that  we  lost  the  literal  P  from  {P,  Q}  when  resolving  with  P,  even 
though  the  literal  P(b)  remains  in  (P(b),  Q(c)}. 

Example  3. 

P(a),  P(b),  Q(c)    P(a) 

\     / 

Q(c),  Q(b)     P(b),  Q(c) 

\      / 

P(b),  Q(b) 

Let  f  be  the  propositional  abstraction,  as  before.  We  have  the 
following  abstracted  proof: 

P,  0     P 

\/ 

Q,  Q     Q 


Note  that  we  include  {  Q,  Q  }  in  the  abstracted  proof,  even  though  it  is  a 
tautology.  This  is  not  necessary  here,  but  will  turn  out  to  be  useful 
later,  when  we  require  the  abstracted  proof  to  have  the  same  shape  as 
the  original  proof. 
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2.5  TERMINOLOGY  RELATING  TO   PROOFS 

We  now  introduce  some  terminology  which  will  help  to  describe 
and  analyze  various  procedures  for  using  abstracted  proofs  as  a  guide 
in  the  search  for  a  proof  of  a  clause  C  from  a  set  S  of  clauses.  From 
now  on  we  consider  only  abstractions,  not  weak  abstractions,  since  weak 
abstractions  are  not  as  useful  in  devising  theorem  proving  strategies. 

We  consider  clauses  that  are  variants  to  be  identical.  This 
can  be  accomplished  by  choosing  variables  in  clauses  in  some  canonical 
way.  Although  testing  if  two  clauses  are  variants  is  in  general 
polynomial ly  equivalent  to  graph  isomorphism,  in  practice  this  test 
is  not  difficult.  If  variants  are  not  considered  to  be  identical, 
then  there  might  be  many  more  possible  resolvents  of  two  clauses,  since 
many  resolvents  might  be  variants  of  each  other. 

Definition.  A  resolution  proof  T  is  an  finite  set  of  nodes 
together  with  a  set  of  triples  of  these  nodes.  Also,  each  node  N  has 
a  label,  written  label (N),  which  is  a  clause.  No  two  distinct  labels 
of  nodes  of  T  may  be  variants,  but  the  same  clause  may  label  more  than 
one  node  of  T.   If  (  N1,N2,N3  )  is  a  triple  of  nodes  of  T,  then  we  require 
label (N3)  to  be  a  resolvent  of  label (Nl)  and  label (N2).  We  refer  to 
the  set  of  triples  of  T  by  Res(T)  and  the  set  of  nodes  by  Nodes(T). 
Each  triple  is  called  a  resolution.  We  require  that  if  (N1,N2,N3>  e 
Res(T)  then  <N2,  Nl ,  N3>  e  Res(T).  A  node  of  T  that  is  not  the  third 
component  of  any  triple  of  T  is  called  an  initial  node  of  T.  The  label 
of  such  a  node  is  called  an  initial  clause  of  T.  A  node  that  is  not  the 
first  or  second  component  of  any  triple  of  T  is  called  a  terminal  node 
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of  T.  The  label  of  such  a  node  is  called  a  terminal  clause  of  T. 
Finally,  we  require  that  there  be  a  function  "depth"  mapping  from  nodes 
of  T  into  nonnegative  integers,  such  that 

a)  depth(N)  =  0  for  all  initial  nodes  N  of  T 

b)  depth(N)  =  1  +  min  {max  (depth(Nl),  depth(N2)): 
(  N1,N2,N3>  e  Res(T)}. 

We  call  depth(N)  the  depth  of  the  node  N.  Thus  a  resolution  proof  is 

a  special  kind  of  "hypergraph"  with  labeled  nodes.  Note  that  a  single 

node  by  itself,  with  a  label,  is  a  permissible  resolution  proof.  The 

existence  of  a  depth  function  insures  that  no  node  is  used  to  derive 
itself.  Thus  the  proof  has  no  "loops".  We  sometimes  refer  to  the 

triple  <  N1,N2,N3>  of  a  proof  T  by  <  C1,C2,C3>,  where  CI  =  label (Nl), 

C2  =  label (N2),  and  C3  =  label (N3). 

Definition.  Suppose  Tl  and  T2  are  resolution  proofs.  We 
say  that  Tl  and  T2  are  isomorphic  if  there  is  a  1-1  mapping  a  from 
Nodes(Tl)  onto  Nodes(T2)  such  that  <  Nl  ,N2,N3>  e  Res(Tl)  iff 
<c(Nl),  a(N2),  a(N3)  >  e  Res(T2),  and  such  that  for  all  nodes  N 
of  Nodes  (Tl),  label(N)  =  label(c(N)).  Thus  Tl  and  T2  are  identical 
except  for  a  renaming  of  nodes.  We  call  o  an  isomorphism  between 
Tl  and  T2. 

Definition.  If  S  is  a  set  of  clauses,  then  a  resolution 
proof  from  S  is  a  resolution  proof  in  which  the  labels  of  all  initial 
nodes  are  clauses  in  S. 

Definition.  If  Tl  and  T2  are  resolution  proofs,  we  write 
Tl  c  T2  to  indicate  that  Res(Tl)  is  a  subset  of  Res(T2)  and  that 
Nodes(Tl)  is  a  subset  of  Nodes(T2).  We  call  Tl  a  sub-proof  of  T2. 
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If  all  initial  nodes  of  Tl  are  also  initial  nodes  of  T2,  we  call  Tl 
an  initial  sub-proof  of  12. 

Definition.   If  T  is  a  resolution  proof  and  <Nl,N2,N3>e  Res(T), 
then  we  call  Nl  and  N2  predecessors  of  T.  We  call  N3  a  successor  of  Nl 
and  N2. 

Definition.  The  depth  of  a  resolution  proof  T  is  the  maximum 
depth  of  any  node  of  T.  The  depth  of  a  resolution  <N1,N2,N3  >  of  T 
is  the  depth  of  N3  in  T.  If  label (N)  =  C,  we  often  refer  to  the  depth 
of  C  instead  of  the  depth  of  N.  Note  that  C  may  have  more  than  one 
depth  in  T. 

If  T  is  a  resolution  proof  and  clause  C  is  the  label  of  some 
node  of  T,  then  we  say  that  C  appears  in  T.  Speaking  informally,  we 
say  that  C  is  an  element  of  T. 

Definition.  If  the  terminal  clause  C  of  a  resolution  proof 
T  is  unique,  then  we  define  Result(T)  to  be  C.  Note  that  C  may  appear 
at  more  than  one  node  of  T,  but  C  must  appear  at  the  terminal  node  of 
T. 

Definition.  Suppose  S  is  a  set  of  clauses  and  C  is  a  clause. 
A  resolution  proof  of  C  from  S  is  a  resolution  proof  T  from  S  such 
that  C  is  the  label  of  some  node  of  T. 

Definition.  Suppose  T  is  a  resolution  proof  from  S.  Then 
we  say  T  is  a  minimal  resolution  proof  from  S  if 

a)  T  has  exactly  one  terminal  node  (call  it  N)  and 

b)  no  initial  sub-proof  of  T  other  than  T  itself  has 
N  as  a  terminal  node. 
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Note  that  if  T  is  a  minimal  proof  from  S,  then  Result(T)  is  defined. 
A  minimal  proof  need  not  be  minimal  in  the  usual  sense.  It  could  be 
that  the  terminal  clause  of  T  appears  at  more  than  one  node  of  T,  or 
that  other  clauses  of  T  appear  at  more  than  one  node  of  T.  That  is, 
some  lemmas  may  have  been  derived  more  than  once.  We  say  T  is  a 
minimal  proof  of  C  from  S  if  T  is  a  minimal  proof  from  S  and  Result(T)  =  C. 
If  T  is  a  minimal  proof  from  S,  then  each  node  of  T  is  the  third  component 
of  at  most  one  resolution  of  T  (to  be  precise,  at  most  two  resolutions  of 
T  since  if  <N1,N2,N3>  e  Res(T)  then  <N2,N1,N3>  e  Res(T)  also). 

This  is  an  example  of  a  minimal  resolution  proof  of  P3  from 
{P1,PT  v  P2,  P2  v  P3}. 

Let  the  proof  T  be  defined  to  have  nodes  Nl ,N2,N3,N4,N5. 
The  labels  are  PI,  PT  v  P2,  P2  v  P3,  P2,  and  P3,  respectively.  The 
triples  are  {<N1,N2,N4>,  <  N2,N1,N4>  ,  <  N4,N3,N5>  ,  <  N3,N4,N5>}.  This 
corresponds  to  the  following  proof: 

PI     PT  v  P2 


P2     P2  v  P3 
P3 


\/ 


Definition.  Suppose  T  and  T'  are  two  resolution  proofs.  Then 
we  say  T  and  T  have  the  same  shape  if  there  is  a  relation  'V  between 
nodes  in  T  and  nodes  in  V    such  that  'V  has  the  following  properties: 
1.  For  all  nodes  N  of  T  there  exists  a  node  N'  of  T1  such 
that  N  ^  N',  and  for  all  nodes  N'  of  T'  there  exists 
a  node  N  of  T  such  that  N  ^   N'. 
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2.  Suppose  <N1,N2,N3>  is  a  resolution  of  T  (that  is,  an 
element  of  Res(T))  and  (N1',N2',N3')  is  a  resolution 
of  T'  .  Suppose  N3  ^  N3'.  Then  either  Nl  %   NT  and 

N2  ^  N2',  or  Nl  %  N2'  and  N2  *  NT  .  Both  may  be  true 
if  Nl  =  N2  or  NT  =  N2'. 

3.  Suppose  N  is  a  node  of  T  and  N1  is  a  node  of  T1  and  N  ^  N'. 
Then  N  is  initial  in  T  iff  N'  is  initial  in  T',  and  N 

is  terminal  in  T  iff  N'  is  terminal  in  T'. 

4.  The  relation  "^"  is  a  1-1  relation  between  terminal 
nodes  of  T  and  T' . 

In  this  case,  we  call  'V  a  shape  correspondence  between  T  and  T'. 
Property  1  of  shape  correspondences  is  actually  a  logical  consequence 
of  properties  2,3,  and  4.  The  basic  idea  of  shape  correspondence  is 
that  if  T  and  T'  are  expressed  as  sets  of  resolution  Droof  trees,  then 
these  sets  of  trees  will  have  the  same  shape  (ignoring  the  labels  of 
the  nodes  in  the  trees).  We  write  T-v  T1  if  'V  is  a  shape  correspondence 
between  T  and  T'.  Note  that  the  relation  of  having  the  same  shaDe  is 
an  equivalence  relation.  Also,  if  T  ^  T'  then  the  depths  of  T  and 
T1  are  equal . 

We  extend  a  shape  correspondence  'V  between  T  and  T'  to 
a  relation  between  resolutions  of  T  and  T'  as  follows: 

Suppose  <Nl,N2,N3>e  Res(T)  and  (Ml  '  ,N2 '  ,N3  '>  e  Res(T'). 
Then  we  say  <N1,N2,N3  >  ^  <  NT  ,N2 '  ,N3'  >  if  Nl  %   Nl ' ,  N2  \   N2\  and 
N3  x   N3\  or  if  Nl  %  N2',  N2  *  NT,  and  N3  %   N3'. 

If  Tl  and  T2  are  resolution  proofs  and  'V  is  a  shape 
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correspondence  between  Tl  and  T2,  then  we  say  CI  ^  C2  iff  there  exists 
node  Nl  of  Tl  and  node  N2  of  T2  such  that  CI  =  label (Nl)  and  C2  =  label (N2) 
and  Nl  %  N2. 

Definition.  Suppose  R  is  a  binary  relation  on  clauses.  We 
extend  R  to  a  binary  relation  on  resolution  proofs  in  the  following  way: 
R(U,u")  is  true  iff  U  and  U'  have  the  same  shape,  and  there  exists  a  shape 
correspondence  'V  between  U  and  U'  such  that  C  ^  C  implies  R(C,C)  for 

all  clauses  C  in  U  and  all  clauses  C  in  U"  . 

Suppose  Rl  and  R2  are  binary  relations  on  clauses  and  U  and 

U'  are  resolution  proofs.  Then  we  say  (Rl ;R2)(U,U' )  if  there  is  a 

shape  correspondence  'V  between  U  and  IT  such  that 

a)  if  N  is  an  initial  node  of  U  and  N'  is  an  initial  node 
of  U1  and  N  ^  N'  then  Rl(label(N),  label(N'))  is  true. 

b)  if  N  is  a  non-initial  node  of  U  and  N1  is  a  non-initial 
node  of  u"  and  N  %  N'  then  R2(label(U),  label(U'))  is 
true. 

This  allows  us  to  specify  a  different  relation  between  initial  clauses 
than  between  non-initial  clauses. 

2.6  PROCEDURES  ON   ABSTRACTED  PROOFS 

We  introduce  some  procedures  which  will  be  useful  in  obtaining 
complete  theorem  proving  strategies.  Suppose  f  is  an  abstraction 
mapping  on  a  set  S  of  clauses.  Given  a  proof  from  f(S),  these  procedures 
try  to  map  it  back  onto  a  proof  from  S.  Since  proofs  from  S  map  onto 
proofs  from  f(S)  by  abstraction,  we  might  find  a  proof  from  S  in  this  way. 
Also,  it  will  hopefully  be  easier  to  search  for  proofs  from  f(S)  than  to 
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search  for  proofs  from  S.  However,  these  procedures  by  themselves  are 
incomplete. 

Suppose  V  is  a  set  of  resolutions,  S2  is  a  set  of  clauses,  and 
Rl  and  R2  are  arbitrary  binary  relations  on  clauses.  We  want  to  find 
all  proofs  V2  from  S2  such  that  (R1;R2)(V,  V2)  is  true.  Let  SI  be  the  set  of 
initial  clauses  in  V.  With  each  node  N  in  V,  we  keep  a  set  clauses(N) 
of  clauses  C  having  the  following  property:  There  is  a  proof  V2  from  S2 
such  that  C  is  the  unique  terminal  clause  of  V2,  and  there  is  an  initial 
sub-proof  VI  of  V  such  that  VI  is  a  minimal  proof  from  SI  and  N  is  the 
terminal  node  of  VI  and  (Rl ;R2)(V1 ,V2)  is  true.  Note  that  C  is  derived 
from  S2  by  resolution 

procedure  ndfind  (V,S2,M1 ,M2) ; 

[[assume  that  for  all  initial  nodes  N  of  V, 
clauses(N)  =  {C  e  S2:  Ml (Label (N),  C)  is  true! 
and  that  clauses(N)  =  <f>  for  non-initial  nodes  N  of  V]] 
loop 

wnile  (there  exist  nodes  Nl ,  N2,  N  of  V  and 
clauses  CI,  C2,  C  such  that 

1.  <N1,N2,N  >  E  Res(V) 

2.  CI  c  clauses(Nl)  and  C2  E  clauses(N2) 

3.  C  is  a  resolvent  of  CI  and  C2 

4.  C  4  clauses(n) 

5.  M2(label(N),  C)  is  true); 

add  C  to  cluases(N) 
repeat; 
end  ndfind; 
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Let  Z  be  the  resolution  proof  generated  by  "ndfind".   It  is 
not  difficult  to  show  that  Z  is  the  smallest  proof  (up  to  isomorphism) 
from  S2  satisfying  the  following  condition: 

If  W  is  a  proof  from  S2  such  that  (Ml;  M2)(V,  W)  is  true,  then 
W  is  isomorphic  to  an  initial  sub-proof  of  Z. 
Thus  "ndfind"  finds  all  proofs  W  from  S2  such  that  (Ml;  M2)(V,  W) 
is  true.  We  are  identifying  clauses  that  are  variants,  as  usual. 

We  now  give  a  recursive  procedure  which,  given  a  minimal 
resolution  proof  V  from  SI,  finds  all  proofs  V2  from  S2  such  that 
(Ml,  M2)(V,  V2)  is  true.  This  procedure  uses  depth-first  search  for 
efficiency.   If  some  such  proof  V2  exists,  we  would  expect  this 
procedure  to  be  faster  than  "ndfind"  on  the  average. 

With  each  node  N  of  V,  we  keep  the  following  information: 

clauses(N)  is  as  in  "ndfind". 

full(N)  is  TRUE  if  it  is  known  that  no  more  elements  of 

clauses(N)  can  possibly  be  derived.  Otherwise,  full(N) 

is  FALSE. 

Suppose  N  is  not  initial  in  V.  Suppose  < Nl ,  N2,  N>e  Res(V). 

Recall  that  we  call  Nl  and  N2  predecessors  of  N.   (It  could 

be  that  Nl  =  N2.)  Thus  label (Nl)  and  label (N2)  are   parent 

clauses  of  label (N). 

If  N  is  not  initial  in  V,  then  last-try(N)  is  the  predecessor 

of  N  most  recently  looked  at  when  attempting  to  generate 

new  elements  of  clauses(N).  next-try(N)  is  the  other  predecessor. 

If  the  predecessors  of  N  are   identical,  then  last-try(N)  = 

next-try(N) . 
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If  N  is  not  initial  in  V,  and  Nl  and  N2  are  the  predecessors 
of  N  In  V,  then  pairs(N)  is  the  set  of  pairs  {CI,  C2}  such 
that  CI  e  clauses(Nl)  and  C2  e  clauses(N2)  and  CI  and  C2 
have  been  resolved  together  already  to  get  elements  of  clauses(N) 
The  point  of  keeping  last-try(N)  and  next-try(N)  is  that 
we  want  to  alternate  between  generating  new  elements  of  clauses(Nl) 
and  new  elements  of  clauses(N2),  where  Nl  and  N2  are  the  predecessors 
of  N  in  V.  However,  when  Nl  or  N2  becomes  full,  this  alternation 
stops. 

procedure  findclauses(V,  S2,  Ml,  M2); 

[[assume  Visa  minimal  resolution  proof]] 
for  all  initial  nodes  N  of  V  do 
full (N)  -  TRUE; 

clauses(N)  +-  {C  e  S2:M1 (label (N) ,  C)  is  true}  od; 
for  all  non-initial  nodes  N  of  V  do 
full (N)  -  FALSE; 
clauses(N)  ■«-  0; 
let  Nl,  N2  be  nodes  of  V  such  that 

<N1,  N2,  N  >  e  Res(V); 
last-try(N)  *■  Nl  ; 
next-try(N)  +-   N2; 
pairs(N)  +■  0  qd; 
let  N'  be  the  terminal  node  of  V; 
loop 

until  full (N1 ); 
findclausesKV,  N',  M2) 
repeat ; 

end  findclauses; 
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procedure  findclausesl  (V,  N,  M2); 

[[try  to  add  at  least  one  clause  to  clauses(N)]] 
let  Nl  and  N2  be  nodes  of  V  such  that 

<  Nl,  N2,  N  >  e  Res(V); 
S  «-  clauses(N) ; 
loop 

wh i 1 e  (not  full(N)  and  S  =  clauses  (N)); 
if  (for  all  CI  e  clauses  (Nl)  and  for  all 

C2  e  clauses(N2),  {CI,  C2}  z   pairs(N)) 
then  if  full (Nl)  and  full (N2) 

then  full  (N)  <-  TRUE;  return  f± 
else  if  not  full  (next-try(N) ) 

then  findclausesl  (V,  next-try(N),  M2); 

next-try(N)  <->  last-try(N) 
else  findclausesl (V,  last-try(N),  M2) 

£1 

fi 

[[findclausesl  will  never  be  called  on  a  node  N 
that  is  full,  hence  will  never  be  called  on  an 
initial  node]] 

if  there  exist  CI  e  clauses(Nl)  and  C2  e  clauses(N2) 

such  that  {CI ,  C2}  t   pairs(N) 
then  add  {CI,  C2}  to  pairs(N); 

add  to  clauses(N)  all  resolvents  C 
of  CI  and  C2  such  that 
M2(label(N),  C)  is  true 

fi; 

ropeat 
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The  procedure  "findclausesl "  is  designed  so  that  when  it 
returns,  either  full(N)  is  true  or  some  new  clause  has  been  added  to 
clauses(N).  Possibly  more  than  one  new  clause  has  been  added.  Let  W  be  the 
resolution  proof  from  S2  generated  when  "findclausesl"  returns.  Note 
that  W  is  generated  implicitly,  not  explicitly.  That  is,  Nodes(W)  and 
Res(W)  are  not  explicitly  generated.  Suppose  "findclausesl"  returns  and 
full(N)  is  FALSE.  Then  W  will  contain  at  least  one  new  minimal  proof  V2 
such  that  (Ml;  M2)(V,  V2)  is  true.   If  "findclausesl"  returns  and  full(N) 
is  TRUE,  then  W  will  contain  isomorphic  copies  of  all  minimal  proofs 
V2  such  that  (Ml;  M2)(V,  V2)  is  true.   (There  may  not  be  any.)  As 
described,  "findclauses"  is  no  more  efficient  than  "ndfind";  in  fact, 
they  both  do  exactly  the  same  resolutions,  given  the  same  inputs. 
The  advantage  of  "findclauses"  is  that  the  search  can  be  stopped  if  a 
specific  clause  appears  in  clauses(N'),  and  the  depth-first  search 
makes  it  more  likely  that  this  will  happen  soon.  We  could  modify  "findclausesl" 
to  return  with  full (N)  =  TRUE  if  clauses  (Nl)  =  0  and  full(Nl)  =  TRUE 
or  if  clauses(N2)  =  0  and  full(N2)  =  TRUE.  However,  we  do  not  do  this 
so  that  "findclauses"  can  be  used  in  a  complete  theorem  proving  strategy 

later  on. 

2.7  PROPERTIES  OT  THE  PROCEVURES 

We  now  develop  some  concepts  which  will  help  to  obtain  a 
complete  theorem  proving  strategy  based  on  abstractions.  We  relax 
the  concept  of  two  proofs  being  the  same  shape.  Later  we  will  discuss 
another  inference  rule  called  m-resolution  in  which  this  relaxed  concept 
is  not  necessary. 
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Definition.  Suppose  S  is  a  set  of  clauses  and  f  is  an  ab- 
straction mapping.  We  define  a  relation  T  ^  U  between  minimal  resolution 
proofs  T  from  S,  and  minimal  resolution  proofs  U  from  f(S).  This 
relation  has  the  property  that  if  C  =  Result(T),  then  for  all  D1  e  f(C'), 
there  exists  U  such  that  T  -*■  U  and  Result(U)  is  defined  and  Result(U) 
subsumes  D'.  We  define  this  relation  and  show  that  it  has  this  property, 
inductively.  This  relation  is  useful  for  analyzing  the  behavior  of 
"ndfind"  and  "findclauses" . 

Suppose  that  T  consists  of  a  single  node  N  with  label  (N)  =  C. 

Then  U  is  any  proof  consisting  of  a  single  node  N1  with  label (N')  e  f(C'). 

Suppose  that  T  contains  more  than  one  node.  Let  N3  be  the 
terminal  node  of  T,  and  let  Nl  and  N2  be  the  predecessors  of  N3  in  T. 
(It  could  be  that  Nl  =  N2.)  Let  CI  and  C2  be  the  labels  of  Nl  and 
N2,  respectively.  Let  Tl  be  the  smallest  sub-proof  of  T  whose  terminal 
node  is  Nl  and  whose  initial  nodes  are   initial  nodes  of  T.  (Thus  Tl 
is  the  portion  of  T  used  in  deriving  CI.)  Let  T2  be  the  smallest  sub- 
proof  of  T  whose  terminal  node  is  N2  and  whose  initial  nodes  are  initial 
nodes  of  T.   (Thus  T2  is  the  portion  of  T  used  in  deriving  C2.) 

Suppose  Tl  ->  Ul  and  Result(Ul)  =  Bl  for  some  Bl  subsuming  an 

element  of  f(C'),  where  C  =  Result(T).  Suppose  Tl  has  more  than  one 

node.  Then  T  -  Ul  also.  Similarly,  if  T2  +   U2  and  Result(U2)  =  B2 
f  f 

for  some  B2  subsuming  an  element  of  f(C'),  and  if  T2  has  more  than  one 

node,  then  T  ■+  U2.  Suppose  that  Tl  -*  Ul  and  T2  +   U2  and  Bl  =  Result(Ul) 
f  f         f 

and  B2  =  Result(U2).  Suppose  that  some  resolvent  B  of  Bl  and  B2  subsumes 
an  element  of  f(C).  Let  U  be  the  proof  of  B  which  consists  of  Ul  and 
U2  together  with  the  resolution  (  Bl,  B2,  B  )  (and  <  B2,  Bl ,  B  >  ) .  Then 
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T  ►  U.  Finally,  T  >  U  is  true  only  if  T  ->  U  can  be  derived  by  a  sequence 
f  f  f 

of  such  steps.  This  completes  the  definition  of  this  relation. 

We  have  defined  this  relation  so  that  if  T  -*■  U  and  T  does 

f 

not  consist  of  a  single  node  then  U  does  not  consist  of  a  single  node.  This 
will  be  importnat  later  on. 

Theorem  2.6.  Suppose  f  is  an  abstraction  mapping  and  S  is 
a  set  of  clauses.  Suppose  T  is  a  minimal  proof  of  C  from  S,  and  suppose 
T  does  not  consist  of  a  single  node.  Then  for  all  D'  e  f(C'),  there 
exists  a  proof  U  from  f(S)  such  that  T  ■+  U  and  Result(U)  subsumes  D' , 
and  such  that  U  does  not  consist  of  a  single  node. 

Proof.  Let  Tl ,  T2,  CI,  and  C2  be  as  in  the  above  definition. 

By  properties  of  abstractions,  there  exists  Dl  e  f (CI )  and  D2  e  f(C2) 

such  that  some  resolvent  D  of  Dl  and  D2  subsumes  D1 .  Applying  the  theorem 

inductively,  there  exist  Ul  and  U2  such  that  Tl  ■*   Ul  and  T2  ->  U2  and 

Result(Ul)  subsumes  Dl  and  Result(U2)  subsumes  D2.  Also,  if  Tl  does  not 

consist  of  a  single  node,  then  neither  does  Ul ,  and  if  T2  does  not 

consist  of  a  single  node,  then  neither  does  U2.  Let  Bl  be  Result(Ul) 

and  let  B2  be  Result(U2).   If  Bl  subsumes  D',  and  Tl  does  not  consist 

of  a  single  node,  then  T  ->   Ul  and  the  desired  conclusion  follows. 

Similarly,  if  B2  subsumes  D',  and  T2  does  not  consist  of  a  single  node, 

then  T  -*■  U2  and  the  desired  conclusion  follows.   If  some  resolvent  B 
f 

of  Bl  and  B2  subsumes  D',  then  let  U  be  Ul  and  U2  together  with  the 
resolution  <  Bl ,  B2,  B  >  (and  <  B2,  Bl ,  B  >  ).   In  this  case,  T  ■+   U  and 
the  conclusion  follows.  The  only  case  we  have  not  considered  is  when 
no  resolvent  of  Bl  and  B2  subsumes  D' ,  and  when  (Tl  consists  of  a  single 
node  or  Bl  does  not  subsume  D')  and  (T2  consists  of  a  single  node  or 
B2  does  not  subsume  D'). 


-32- 


If  Tl  and  T2  both  consist  of  a  single  node,  then  CI  e  S  and 

C2  e  S  and  so  we  can  choose  Ul  and  U2  such  that  Bl  =  D1  and  B2  =  D2. 

Thus  some  resolvent  of  Bl  and  B2  subsumes  D'.   If  neither  Tl  nor  T2 

consist  of  a  single  node,  then  neither  Ul  nor  U2  do  and  so  the  conclusion 

of  the  theorem  follows  regardless  of  whether  T  ->  Ul  or  T  ■*  U2  or  T  ->  U, 

f       f       f 

with  U  as  above. 

Suppose  Tl  consists  of  a  single  node  and  T2  does  not.  We  know 
that  a  resolvent  of  Dl  and  D2  subsumes  D1,  and  that  B2  subsumes  D2. 
It  follows  by  the  properties  of  resolution  that  either  a  resolvent  of  Dl 
and  B2  subsumes  D',  or  B2  itself  subsumes  D'.   In  either  case,  U  as 
desired  exists.  The  argument  when  Tl  does  not  consist  of  a  single  node 
and  T2  does  is  similar.  This  completes  the  proof. 

It  is  easy  to  see  that  if  T  ->  U  then  the  depth  of  U  is  not 
greater  than  the  depth  of  T.  The  number  of  nodes  in  U  may  differ 
greatly  from  the  number  of  nodes  in  T,  however,  even  if  T  -*■  U  and  T 
and  U  have  the  same  shape.  In  fact,  the  number  of  nodes  in  U  may  be 
exponentially  larger  or  exponentially  smaller  than  the  number  of  nodes 
in  T.  This  may  also  be  true  of  the  number  of  clauses  in  U  and  T. 
This  is  because  T  may  make  repeated  use  of  lemmas  which  are  "separated" 
in  U.  Or  possibly  U  collapses  many  separate  clauses  of  T  into  repeated 
lemmas. 

Theorem  2.7.  Suppose  f  is  an  abstraction  mapping  on  a  set 
S  of  clauses,  and  T  is  a  minimal  proof  from  S.  Suppose  T  does  not 
consist  of  a  single  node.  Also,  suppose  T  ■>  U.  Let  R1(B,  C)  be  the 
relation  "B  e  f(C)"  and  let  R2(B,  C)  be  the  relation  "B  subsumes  some 
element  of  f(C)."  Suppose  findclauses(U ,  S,  Rl ,  R2)  or  ndfind(U,  S, 
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Rl ,  R2)  is  called.  When  the  procedure  (either  one) exits,  there  will 

be  some  clause  C  in  clauses  (N)  for  some  node  N  of  U,  such  that  C  appears 

at  a  non-initial  node  of  T.  Thus  "ndfind"  and  "findclauses"  will  make 

some  progress  towards  constructing  the  proof  T. 

Lemma.  Suppose  f  is  an  abstraction  mapping  on  a  set  S  of 

clauses,  and  T  is  a  minimal  proof  from  S.  Suppose  T  ■*  U  where  U  is  a 

proof  from  f(S).  Let  T'  be  an  initial  sub-proof  of  T,  and  suppose  that 

T'  is  a  minimal  proof.  Suppose  that  T'  ■*■   U'  where  U'  is  an  initial 

f 

sub-proof  of  U.   (Such  a  U'  will  not  always  exist.)  Then  the  resolutions 
done  by  ndfind(L)' ,  S,  Rl ,  R2)  will  be  a  subset  of  those  done  by 
ndfind(U,  S,  Rl ,  R2),  and  the  resolutions  done  by  f indclauses(U' ,  S, 
Rl,  R2)  will  be  a  subset  of  those  done  by  f indclauses(U,  S,  Rl ,  R2). 

Proof  of  Lemma.  For  "ndfind",  the  result  is  easy  to  see. 
For  "findclauses",  this  result  follows  because  of  the  recursive  nature  of 
"findclausesl".  Note  that  this  result  would  not  be  true  for  "findclauses" 
if  we  modified  "findclausesl"  to  return  with  full(B)  =  TRUE  if  clauses(Bl) 
0  and  full(Bl)  =  TRUE,  or  if  clauses(B2)  =  0  and  full (B2)  =  TRUE. 

Proof  of  Theorem.  Note  that  the  theorem  is  trivial  if  T 
consists  of  a  single  node.  Suppose  C  is  Result(T).  Suppose  N  is  the 
terminal  node  of  C.  Let  Nl  and  N2  be  the  predecessor  nodes  of  N  in  T, 
and  let  CI  and  C2  be  the  labels  of  Nl  and  N2,  respectively.  Thus  CI 
and  C2  are  the  parents  of  C  in  T.  Let  Tl  be  the  portion  of  T  used  in 
deriving  CI,  and  let  T2  be  the  portion  of  T  used  in  deriving  C2.  Thus 
Nl  is  the  terminal  node  of  Tl  and  N2  is  the  terminal  node  of  T2.   (It 
could  be  that  CI  and  C2  occur  at  other  nodes  of  T  besides  Nl  and  N2.) 
Assume  Tl  and  T2  are  minimal  proofs  from  S. 
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Suppose  that  Tl  and  T2  both  consist  of  a  single  node.  Thus 
CI  e  S  and  C2  e  S.  Let  D  be  the  terminal  clause  of  U,  and  let  Dl  and 
D2  be  its  parents.  Suppose  Dl  e  f (CI )  and  D2  e  f(C2).  We  know  that 
D  subsumes  an  element  of  f(C).  Thus  C  will  eventually  be  generated  by 
resolution  and  added  to  clauses(N'),  where  N1  is  the  terminal  node  of 
U,  regardless  of  whether  "ndfind"  or  "findclauses"  is  called.  Therefore 
the  theorem  is  true  for  this  case. 

Suppose  that  at  least  one  of  Tl  and  T2  does  not  consist  of  a 

single  node.  Then  either  (Tl  does  not  consist  of  a  single  node  and 

Tl  ->  U),  or  (T2  does  not  consist  of  a  single  node  and  T2  -*■  U),  or 

(Tl  does  not  consist  of  a  single  node  and  for  some  Ul  c  U,  Tl  ->  Ul), 

or  (T2  does  not  consist  of  a  single  node  and  for  some  U2  c  U,  T2  ->  U2). 

This  is  true  by  the  definition  of  the  relation  ■>.   In  the  first  two  cases, 

f 

we  can  apply  the  theorem  inductively  to  Tl  or  T2  to  obtain  the  desired 
result.  In  the  second  two  cases,  using  the  lemma,  we  can  apply  the 
theorem  inductively  to  Ul  and  U2  to  obtain  the  desired  result.  This 
completes  the  proof. 

The  point  of  the  theorem  is  that  we  will  always  make  some 
progress  towards  a  proof  of  C  from  S.  At  least  one  clause  at  a  non- 
initial  node  of  T  will  be  derived.  If  f  is  a  weak  abstraction,  this  is 
not  necessarily  true.  Note  that  the  theorem  is  true  for  ndfind(V,  S, 

Rl ,  R2)  if  T  ->  U  and  U  is  an  initial  sub-proof  of  V.  Also,  recall  that 
the  depth  of  U  is  not  more  than  the  depth  of  T  if  T  |  U.  Thus  if  V 

represents  an  exhaustive  resolution  search  to  depth  at  least  the  depth 

of  T,  then  "ndfind"  will  make  some  progress  towards  constructing  the 

proof  T.  This  is  still  true  if  D  is  chosen  in  f(C)  and  V  is  restricted 

to  only  contain  resolutions  contributing  to  a  proof  of  something  subsuming 

D. 
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Theorem  2.8.  Suppose  f  is  an  abstraction  mapping  on  a  set 
S  of  clauses,  and  T  is  a  minimal  proof  from  S.  Suppose  T  -►  U  and  T  %  U. 
This  essentially  means  that  U  has  no  "subsumption  steps."  Then  the 
procedures  ndfind(U,  S,  Rl ,  R2)  and  findclauses  (U,  S,  Rl ,  R2)  will  generate 
Result(T)  from  S  by  resolution.  Here  Rl  and  R2  are  as  in  theorem  2.7. 

This  theorem  gives  conditions  under  which  an  abstracted  proof, 

by  itself,  is  a  sufficient  guide  to  reconstruct  the  original  proof.  The 

result  can  be  extended  to  give  conditions  guaranteeing  that  portions  of 
T  can  be  reconstructed,  even  if  all  of  T  cannot  be  so  reconstructed. 

The  proofs  of  examples  1  and  3  of  section  2.4.  can  be  completely 

reconstructed  from  their  abstractions,  but  the  proof  of  example  2 

cannot.   It  will  turn  out  that  a  proof  can  always  be  reconstructed 

from  any  m-abstraction  of  the  proof. 

2.8.  A  COMPLETE  STRATEGY  TOR  ABSTRACTIONS 

The  procedure  "ndfind"  can  be  used  repeatedly  to  obtain 
a  complete  theorem  proving  strategy  which  we  call  "proof searchl ". 
The  idea  is  to  use  "ndfind"  on  a  set  of  abstracted  proofs.  Suppose 
S  is  the  set  of  input  clauses  and  f  is  the  abstraction  mapping.  Suppose 
we  are  looking  for  a  proof  of  C  from  S.  We  keep  a  set  SI  of  nodes 
such  that  (label (N):  N  e  SI}  is  a  set  of  abstracted  clauses.   Initially, 
{label (N):  N  e  SI }  =  f(S).  Thereafter,  whenever  a  new  clause  C  is 
derived  by  "ndfind",  nodes  may  be  added  to  SI  so  that  certain  of  the 
abstractions  of  C  will  be  in  {label(N):  N  e  SI}.  Suppose  C  can  be  derived 
from  S  by  resolution.  Each  time  "ndfind"  is  called,  it  will  make  more 
progress  towards  a  proof  of  C  from  S.  Eventually  an  entire  proof  of 
C  will  be  found. 
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We  do  not  know  whether  "proofsearchl "  will  be  a  good  strategy. 
Perhaps  it  will,  but  strategies  to  be  presented  later  seem  much  more 
desirable.  These  strategies  are  based  on  "m-abstractions".  They  are 
more  desirable  because  they  find  the  proof  all  at  once,  instead  of 
piece  by  piece.  Also,  they  permit  the  use  of  more  than  one  m-abstraction 
at  the  same  time,  in  a  way  that  ordinary  abstractions  do  not  permit. 
However,  "proofsearchl"  may  be  useful,  and  it  does  illustrate  the  need 
for  m-abstractions. 

This  strategy  constructs  an  "abstracted  proof  space"  VI  whose 
nodes  are  ordered  pairs  of  the  form  <B,  n  >  ,  where  B  is  an  abstracted 
clause  or  is  derived  from  such  clauses  by  resolution,  and  n  is  a 
"modified  depth"  of  B.  The  same  clause  B  may  appear  at  more  than 
one  modified  depth.  If  N  is  the  node  <B,  n  >  ,  then  we  define  label (N) 
to  be  B  and  mdepth(N)  to  be  n.  The  resolutions  of  VI  correspond  to 
resolutions  in  the  abstracted  space.  We  keep  modified  depths  because 
an  initial  node  N  of  VI  may  have  a  label  which  is  the  abstraction  of  a 
non-initial  clause  C  derivable  from  S.  We  may  want  to  have  mdepth(N)  = 
depth(C)  in  this  case.  This  restricts  the  abstracted  search  space  in  a 
reasonable  way  as  various  pieces  of  the  desired  proof  are  found. 

The  meaning  of  the  variables  of  "proofsearchl"  is  as  follows: 

S  :  The  set  of  input  clauses. 

C  :  The  clause  we  are   trying  to  derive. 

f  :  An  abstraction  mapping. 

D':  An  arbitrary  element  of  f(C'). 
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d  :  The  maximum  depth  proof  we  are   currently  looking  for. 

S':  The  set  of  clauses  so  far  derived  from  S  by  resolution. 

SI:  The  set  of  initial  nodes  used  in  constructing  V  and  VI. 

S2:  The  old  value  of  SI. 

V  :  The  "exhaustive"  resolution  search  space  up  to  depth  d, 
generated  from  SI . 

VI:  The  portion  of  V  consisting  of  proofs  from  f(S)  of 
something  subsuming  D'. 

Now,  V  and  VI  are  functions  of  SI,  d,  and  D1  alone.  Furthermore,  D' 

is  constant.  Therefore  when  SI  stops  changing,  so  will  V  and  VI,  until 

d  is  increased.   In  addition,  the  loop  L2  will  not  do  anything  new 

unless  VI  changes.  Hence  when  SI  =  S2,  no  more  clauses  can  be  generated 

with  the  current  depth  restriction,  and  so  we  go  on  to  the  next  higher 

depth. 

procedure  proofsearchl  (S,  C,  f); 

[[attempt  to  construct  a  proof  of  C  from  S  using  abstraction  mapping  f, 
This  is  a  complete  theorem  proving  strategy.]] 

S'  -  S; 

choose  D'  in  f(C  ); 

SI  *■  {<  D,  0  >  :(3C  e   S)D  e  f(C)>; 

for  all  (D,  0  >  e  SI  do 

clauses((D,  0  >)  «-  {C  e  S:  D  E  f(C)}  od; 
for  d  =  1  to  °°  while  C  j   S'  do 

[[look  for  a  proof  of  depth  d  or  less]] 
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Ll  :   loop 

S2  <-  SI; 

let  V  be  the  smallest  resolution  proof  such  that 

a)  SI  c  Nodes(V) 

b)  If  <B1,  d,  >  e  Nodes(V)  and  (B2,  d2  >  e  Nodes(V)  and 
d,  <  d  and  d~  <  d  and  B3  is  a  resolvent  of  Bl  and  B2 
then  <  B3,  d3  >  e  Nodes(V)  and 
<<B1,  d1  >  ,  <B2,  d2  >  ,  <B3,  d3  >>  e  Res(V) 
where  d3  =  1  +  max(d-j ,  d^) ; 

let  VI  be  the  smallest  sub-proof  of  V  such  that 

a)  If  <  Bl ,  d^  e  Nodes(V)  and  d]  <_  d  and  Bl 
subsumes  D"  then  <  Bl ,  d-,  >  e  Nodes(Vl) 

b)  If  <N1,  N2,  N3  >  e  Res(V)  and  N3  e  Nodes(Vl)  then 
Nl  e  Nodes(Vl)  and  N2  e  Nodes(Vl)  and  < Nl ,  N2,  N3  >  e 
Res(Vl); 

[[note:  V  can  be  found  by  exhaustive  search  and  VI  can  be  found  by 
deleting  nodes  and  resolutions  from  V.  Perhaps  VI  can  be  found 
by  applying  more  levels  of  abstraction,  also.]] 

[[VI  represents  the  minimal  proofs  Zl  from  {label (N):  N  e  SI} 
such  that  Result(Zl)  subsumes  D'  and  such  that  mdepth(N)  <  d  for 
all  N  e  Nodes(Zl)]] 

for  all  new  nodes  N  of  VI  do 
clauses(N)  «-  0  od; 

[[The  following  section   is  a  slightly  modified  version  of  "ndfind"]] 

L2 .      lop£ 

while  C  t   S'  and  (there  exist  nodes  Nl ,  N2,  N  and  clauses 
CI,  C2,  C  suchHETiat 

1.  <  Nl,  N2,  N  >  e  Res(Vl) 

2.  CI  e  clauses(Nl)  and  C2  e  clauses(N2) 

3.  C  is  a  resolvent  of  CI  and  C2 

4.  C  /  clauses(N) 

5.  label  (N)  subsumes  some  element  of  f(C)); 
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[[it  ncay  he  best  to  choose  N  with  the  largest  possible 
mdepiii  here]] 

ad<i   C    tr.   rl  iijses    i'N)  ; 

add  C  to  S'   if  it  is  not  already  there; 

for  all    D  i    f(C)   such   that   label (N)   subsumes   D 

do   add  (D,  mdepth(N)>  to  SI    if  it   is   not  already  there; 
add  C  to  clauses    (<  D,  mdepth(N)>  ) 

repeat    L2; 

until  SI  =  S2  or  C  E  S' ; 
repeat  LI ; 
od; 
end  proofsearchl ; 

The  last  part  of  "proofsearchl"  is  almost  identical  to  "ndfind". 
In  a  similar  way,  we  could  write  a  version  of  "proofsearchl"  based  on  an 
adapted  version  of  "findclauses".  To  do  this,  it  would  be  necessary  to 
modify  "findclausesl "  to  allow  a  clause  to  have  more  than  one  set  of 
parents.  This  approach  would  have  the  advantage  of  using  a  depth-first 
search.  Therefore  we  would  expect  a  proof  to  be  found  more  rapidly 
on  the  average  by  "proofsearchl"  with  "findclauses"  than  by  "proofsearchl" 
with  "ndfind". 

The  reason  that  "proofsearchl"  works  is  this: 
Suppose  there  is  a  proof  T  of  C  from  S  such  that  depth(T)  <  d. 
Suppose  also  that  no  node  of  T  is  the  third  component  of  more  than 
one  resolution  of  T.   (To  be  precise,  we  may  have  < Nl ,  N2,  N3>  and 
<N2,  Nl,  N3>  in  Res(T),  so  N3  is  the  third  component  of  two  resolutions.) 
Thus  T  is  minimal  in  the  technical  sense  defined  earlier.   In  addition, 
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suppose  that  no  node  of  T  occurs  as  the  first  or  second  component  of  more 
than  one  resolution  of  T.  That  is,  each  clause  is  rederived  as  many 
times  as  it  is  used.  Thus  T  is  a  "resolution  proof  tree."  Note  that  any 
proof  can  be  expanded  into  a  proof  tree  of  the  same  depth. 

With  each  node  N  of  T  we  associate  an  element  of  f(label(N)) 
as  follows:  With  the  terminal  node  of  T,  we  associate  D'.  Also,  if 
(Nl,  N2,  N3  >  e  Res(T)  and  D3  is  associated  with  N3,  let  Dl  and  D2 
be  clauses  such  that  Dl  e  f (label (Nl ) )  and  D2  e  f (label (N2))  and  some 
resolvent  of  Dl  and  D2  subsumes  f (label (N3) ) .  We  knew  that  such  Dl  and 
D2  exist,  since  f  is  an  abstraction.  Then  we  associate  Dl  with  Nl  and 
D2  with  N2.  There  may  be  some  freedom  in  the  choice  of  Dl  and  D2;  any 
choice  wil 1  do. 

Consider  the  state  of  "proofsearchl"  at  the  beginning  of  the 

"repeat"  loop  at  LI.  Let  Wl  be  the  set  of  nodes  N  of  T  such  that 

<  Dl ,  d,  >  e  SI,  where  Dl  is  associated  with  N  and  d,  =  depth(N),  and 

such  that  label  (N)  e  clauses(<Dl,  d,  >).  We  claim  that  each  time  through 
this  loop,  Wl  increases  in  size,  unless  C  is  derived  first  some  other  way, 

Hence  eventually  all  nodes  of  T  will  be  in  Wl ,  and  we  will  have  derived 

C  from  S,  unless  C  is  derived  first  some  other  way. 

Let  X  be  the  set  of  "terminal  nodes"  of  Wl .  That  is,  a  node 
N  of  Wl  is  in  X  iff  no  successors  of  N  are  in  Wl.  Let  T2  be  the  portion  of 
T  used  in  deriving  C  from  X.  That  is,  T2  is  a  proof  of  C  from 
(label (N):  N  e  X},  and  X  is  the  set  of  initial  nodes  of  T.  Thus  T2 
is  a  sub-proof  of  T.  See  figure  2. 

We  know  by  theorem  2.6.  that  there  is  a  proof  Z  such  that 
;  Z  and  such  that  Result(Z)  subsumes  D'.  Also,  it  is  easy  to  show 
that  mdepth(Z)   d,  where  we  define  mdepth(Z)  to  be  maxfmdepth(N) : 
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N  t    Nodes (Z)}.  Hence, in  fact,Z  will  be  isomorphic  to  a  sub-proof  of 
VI  after  VI  is  constructed  the  next  time.  Also,  we  know  by  theorem  2.7 
that  "ndfind",  given  Z,  will  make  some  progress  towards  constructing 
T2.  Since  the  loop  L2  of  "proofsearchl "  essentially  simulates  "ndfind" 
on  VI,  the  loop  L2  will  also  make  some  progress  towards  constructing  T2. 
In  particular,  there  will  be  some  resolution  < Nl ,  N2,  N3  >  of  T2  in 
which  Nl  and  N2  are  initial  nodes  of  T2  and  there  will  be  some  resolution 
<  NT  ,  N2'  ,  N3'  >  of  VI  such  that 

a)  label (Nl1)  is  associated  with  Nl 

b)  label (N21)  is  associated  with  N2 

c)  label (Nl )  e  clauses(Nl') 

d)  label (N2)  e  clauses(N2') 

e)  label(N3)  e  clauses(N3' ) . 

By  the  statements  at  the  end  of  L2,  a  new  node  N  will  be  added 
to  SI  such  that  mdepth(N)  =  depth(N3)  and  label (N)  is  associated  with 
N3  and  label (N3)  e  clauses(N).  Thus  N3  will  be  in  the  set  Wl  the  next 
time  through  the  loop  LI  of  "proofsearchl".  This  completes  the  proof. 


f 


VI 


SI 


Completeness  of  "Proofsearchl" 
Figure  2 
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Note  that  T  is  an  arbitrary  proof  of  C  from  S,  expanded 
into  a  "tree".  Therefore  "proofsearchl "  is  still  complete  if  we 
restrict  the  resolutions  from  S  according  to  any  complete  theorem 
proving  strategy  (such  as  locking  resolution  [5]).  However,  it  is  not 
allowable  to  restrict  the  resolutions  in  VI  in  any  way.  We  cannot 
even  delete  tautologies  from  VI,  or  clauses  that  are  subsumed  by  other 
clauses. 

For  particular  abstraction  mappings,  the  resolutions  in  VI 
can  be  restricted,  however.  For  example,  consider  the  complete  strategy 
in  which  predicate  symbols  are  ordered,  and  in  which  in  each  resolution, 
the  largest  predicate  symbols  in  each  clause  must  be  resolved  away. 
Also,  let  f  be  the  propositional  abstraction.  Suppose  T  is  minimal 
resolution  proof  from  S  according  to  the  ordering  strategy  defined  above. 
Then  there  is  a  resolution  proof  U  from  f(S)  such  that  T^U  and  such 
that  U  is  also  a  proof  according  to  the  ordering  strategy.  Furthermore, 
for  all  clauses  D  e  f (Resul t(T) ) ,  such  a  U  exists  in  which  Result(U) 
subsumes  D.  Hence  "proofsearchl"  is  still  complete  if  the  propositional 
abstraction  is  used,  and  if  resolutions  in  V  and  resolutions  from  S  are 
both  restricted  according  this  ordering  strategy. 

By  similar  reasoning,  iff  is  an  abstraction  defined  in  terms  of 
literal  mappings,  and  if  each  literal  mapping  preserves  predicate  symbols 
of  literals,  then  resolution  with  ordering  of  predicate  symbols  can  be 
done  in  both  the  abstracted  search  space  and  in  the  original  search 
space.  Also,  if  f  is  an  abstraction  defined  in  terms  of  literal  mappings, 
and  if  each  literal  mapping  preserves  signs  of  literals,  then 
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Pl-deduction  (all-positive  resolution)  and  hyper-resolution  [6]  can  be 
done  in  both  the  abstracted  space  and  in  the  original  space.  Similarly, 
a  combination  of  hyper-resolution  and  ordering  [7]  can  be  done  in  both 
the  abstracted  space  and  in  the  original  space,  if  f  is  defined  in  terms 
of  literal  mappings  which  preserve  both  signs  and  predicate  symbols 
of  literals.  These  restrictions  to  "proofsearchl "  yield  complete 
theorem  proving  strategies.  The  latter  restrictions  should  be  particularly 
useful  when  the  set  of  input  clauses  is  a  Horn  set  [8]  or  is  "almost" 
a  Horn  set  (that  is,  there  are  not  very  many  positive  literals  in  any 
input  clause). 

The  program  "proofsearchl"  can  easily  be  modified  to  test  if 
a  clause  C  is  a  logical  consequence  of  a  set  S  of  clauses.  This  can 
be  done  by  making  use  of  the  following  fact  [9  ]:  If  C  is  a  logical 
consequence  of  S,  then  there  is  a  clause  C"  derivable  from  S  by 
resolution  such  that  C"  subsumes  C.  Furthermore,  by  property  3  of 
abstractions,  there  will  be  some  abstraction  D"  of  C"  which  subsumes 
the  chosen  abstraction  D'  of  C.  Therefore  there  is  a  proof  from  f(S) 
of  some  clause  B  subsuming  D".  Note  that  B  subsumes  D'  also.  It  follows 
that  some  such  proof  of  B  will  be  in  VI  for  large  enough  depth.  Hence 
"proofsearchl"  will  eventually  reconstruct  the  proof  of  C",  if  it  is 
allowed  to  continue  long  enough.  To  modify  "proofsearchl"  to  test  if 
C  is  a  logical  consequence  of  S,  we  change  the  exit  condition  from 
"C  e  S1  "  to  "some  clause  subsuming  C  is  in  S'  ".  If  such  a  clause 
is  found,  then  C  is  certainly  a  logical  consequence  of  S.  Conversely, 
by  the  above  reasoning,  if  C  is  a  logical  consequence  of  S,  some  such 
clause  will  eventually  be  derived. 
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The  procedure  "proofsearchl "  will  work  regardless  of  how 
D'  is  chosen.  It  would  be  possible,  therefore,  to  use  all  abstractions 
of  C  at  the  same  time,  and  to  look  for  proofs  of  something  subsuming 
any  abstraction  of  C.  That  is,  we  could  change  the  statement 

"a)  If  <  Bl,  d-j)  e  Nodes(V)  and  d]  <  d  and  Bl  subsumes  D' 
then  <B1,  d]  >  e  Nodes(Vl)" 
to  read 

"a)  If  <  Bl ,  d,  >  e  Nodes(V)  and  d-j  <_  d  and  Bl  subsumes  some 

element  of  f(C)  then  < Bl ,  d]  >  e  Nodes(Vl)." 

We  would  then  eliminate  the  statement  "choose  D'  in  f(C');"  from 

"proofsearchl".  This  might  yield  a  proof  of  C  with  fewer  passes  through 

the  repeat  statement.  We  would  like  to  use  all  abstractions  of  C 

together  in  another  way,  however.   In  particular,  suppose  {f,,  f~,  ...,  f.  } 

is  a  set  of  abstraction  mappings  (not  necessarily  all  distinct)  and  suppose 

D^  r  f.j  (C)  for  1  <_  i  <_  k.  Suppose  T  is  a  proof  of  C  from  a  set 

S  of  input  clauses,  and  U.  is  a  proof  from  f.(S)  such  that  T.  ->  Ui 

i     r         i  if. 

and  Result(Ui)  subsumes  Di  for  1  <  i  <  k.  Let  m](D,  C)  be  the  relation  "D  E  f.(C)1 
and  let  NL(D,  C)  be  the  relation  "B  subsumes  an  element  of  f.(C)", 
for  1  :_  i  <^  k.  Then  for  each  i,  1  <_   i  <_   k,  there  exist  resolutions 
Ri  in  T  and  R\    in  Ui  such  that  (M];Ml)(R!,  R-)  is  true.  However, 
there  does  not  necessarily  exist  a  resolution  R  in  T  such  that  for 


all  i,  1   i  <  k,  there  exists  R'.  in  U.  such  that  (mJ;m!)(R'.  ,  R)  is 

—   —  l     i  1   2   l 

true.  If  such  a  resolution  R  were  guaranteed  to  exist,  we  could 
restrict  the  search  for  a  proof  of  C  to  resolutions  R  which  correspond 
to  resolutions  in  all  the  abstracted  sets  U . .   In  fact,  for  m-abstractions 
and  "m-resolution"  proofs,  to  be  described,  such  an  m-resolution  R  is 
guaranteed  to  exist.   If  k  is  large,  it  seems  unlikely  that  a  "random" 
iOlution  R  will  correspond  to  m-resolutions  in  all  the  sets  U • , 
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and  so  we  apparently  get  a  very   restrictive  search  strategy.  Such  a 
strategy  eliminates  many  irrelevant  m-resolutions  and  does  not  prevent 
the  proof  of  smallest  depth  from  being  found.  Also,  the  use  of  many 
m-abstractions  at  once  is  potentially  inexpensive  in  the  amount  of  time 
and  storage  required.  In  Part  II,  we  present  two  strategies  based  on 
m-abstractions.  These  strategies  use  more  than  one  m-abstraction  at  the 
same  time,  and  seem  to  be  the  most  promising  strategies  presented  here. 
We  also  present  a  simple  strategy  based  on  the  use  of  only  one  m-abstraction 
Other  strategies  based  on  a  modified  kind  of  multiclause  are   also  discussed. 
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3.  CONCLUSIONS 

We  have  shown  how  to  formalize  the  idea  of  using  a  solution 
to  a  simple  problem  as  a  guide  to  the  solution  of  a  more  complicated 
problem.  This  formalization  makes  use  of  "abstraction  mappings",  and 
applies  to  theorem  proving  in  the  first-order  predicate  calculus.  Some 
examples  of  such  abstraction  mappings  have  been  given.  We  have  presented 
a  complete  resolution  theorem  proving  strategy  based  on  abstractions. 
This  strategy  permits  subgoaling  and  depth-first  search  in  a  more 
natural  way  than  most  resolution  theorem  proving  strategies  do.  Also, 
it  is  compatible  with  any  complete  conventional  resolution  theorem 
proving  strategy.  Certain  abstractions  correspond  to  particular 
interpretations  of  the  input  clauses.  They  are   especially  interesting 
because  they  lead  to  a  strategy  which  seems  to  capture  the  intuitive 
idea  of  proving  a  theorem  for  a  particular  example.  Furthermore,  we  can 
generate  such  semantic  abstractions  in  a  completely  mechanical  way,  for 
interpretations  with  a  finite  domain.  However,  we  cannot  explain  in  the 
framework  of  this  paper  why  semantic  abstractions  should  be  any  more  useful 
than  arbitrary  abstractions.   In  Part  II  of  this  paper  we  will  introduce 
"m-abstractions",  which  lead  to  much  simpler  .complete  strategies  than 
those  presented  here. 
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